[Oct 02, 2023] Get New NSE5_FSM-5.2 Practice Test Questions Answers [Q16-Q30]

Rate this post

[Oct 02, 2023] Get New NSE5_FSM-5.2 Practice Test Questions Answers

NSE5_FSM-5.2 Dumps and Exam Test Engine

QUESTION 16
In the rules engine, which condition instructs FortiSIEM to summarize and count the matching evaluated data?

Time Window

Aggregation

Group By

Filters

QUESTION 17
An administrator defines SMTP as a critical process on a Linux server. If the SMTP process is stopped, FortiSIEM would generate a critical event with which event type?

PH_DEV_MON_PROC_STOP

Postfix-Mail-Slop

Generic_SMTP_Process_Exit

PH_DEV_MON_SMTP_STOP

QUESTION 18
Refer to the exhibit.

A FortiSIEM administrator wants to collect both SIEM event logs and performance and availability metrics (PAM) events from a Microsoft Windows server Which protocol should the administrator select in the Access Protocol drop-down list so that FortiSIEM will collect both SIEM and PAM events?

TELNET

WMI

LDAPS

LDAP start TLS

QUESTION 19
In FotiSlEM enterprise licensing mode, if the link between the collector and data center FortiSlEM cluster a down what happens?

The collector drops incoming events like syslog. but slops performance collection

The collector continues performance collection of devices, but stops receiving syslog

The collector buffers events

The collector processes stop, and events are dropped

QUESTION 20
Which database is used for storing anomaly data, that is calculated for different parameters, such as traffic and device resource usage running averages, and standard deviation values?

Profile DB

Event DB

CMDB

SVN DB

QUESTION 21
Which process converts Raw log data to structured data?

Data enrichment

Data classification

Data parsing

Data validation

QUESTION 22
A FortiSIEM administrator wants to restrict a network administrator to running searches for only firewall devices. Under role management, which option does the FortiSIEM administrator need to configure to achieve this scenario?

CMDB Report Conditions

Data Conditions

UI Access

QUESTION 23
To determine SNMP discovery issues, which is the best command from the backend?

snmpwalk

phSNMPTest

snmptest

ssh

QUESTION 24
Which item is required to register a FortiSIEM appliance license?

Static storage

Static MAC address

Static IP address

Static Hardware ID

QUESTION 25
Refer to the exhibit.

The FortiSIEM administrator is examining events for two devices to investigate an issue However, the administrator is not getting any results from their search.
Based on the selected fillers shown in the exhibit, why is the search returning no results?

Parenthesis are missing

The wrong boolean operator is selected in the Next column

The wrong option is selected in the Operator column

An invalid IP subnet is typed in the Value column

QUESTION 26
Refer to the exhibit.

An administrator is trying to identify an issue using an expression bated on the Expression Builder settings shown in the exhibit however, the error message shown in the exhibit indicates that the expression is invalid.
Which is the correct expression?

Matched Events COUNT()

Matched Events(COUNT)

COUNT(Matched Events)

(COUNT) Matched Events

QUESTION 27
An administrator wants to search for events received from Linux and Windows agents.
Which attribute should the administrator use in search filters, to view events received from agents only.

External Event Receive Protocol

Event Received Proto Agents

External Event Receive Raw Logs

External Event Receive Agents

QUESTION 28
An administrator defines SMTP as a critical process on a Linux server. If the SMTP process is stopped, FortiSIEM would generate a critical event with which event type?

PH_DEV_MON_PROC_STOP

Postfix-Mail-Slop

Generic_SMTP_Process_Exit

PH_DEV_MON_SMTP_STOP

QUESTION 29
What protocol can be used to collect Windows event logs in an agentless method?

SSH

SNMP

WMI

SMTP

QUESTION 30
Refer to the exhibit.

If events are grouped by Event Receive Time, Reporting IP, and User attributes in FortiSIEM, how many results will be displayed?